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What is Claimed: 

1. A computer-readable medium having encoded thereon computer-executable instructions 
to perform a method of creating shadow pages for an address translation map, the address 
translation map comprising a page directory and a plurality of page tables, the page directory 
comprising a links to the plurality of page tables, each of the page tables comprising links to a 
pliurality of data pages, the page directory and page tables each being stored in one of the data 
pages, the method comprising: 

for at least one of the pluraUty of page tables, creating a first shadow page table 
based on said one of the plurality of page tables, said first shadow page table differing from said 
first one of the pluraHty of page tables in at least one of the following respects: 

at least one entry in said first shadow page table links to a different data page 
than that entry's corresponding link in said first one of the plurality of page tables; and 

said first shadow page table contains one or more read-only links whose 
corresponding links in said first one of the plurality of pages tables are read/write; and 

creating a shadow page directory based on the page directory, the page directory 
comprising a link to said one of the plurality of page tables, said shadow page directory comprising 
a link to said shadow page table instead of the link to said one of said plurality of page tables. 

2. The computer-readable medium of claim 1, wherein a policy governs access to a memory, 
wherein access to said memory based on said address translation map applied to said virtual address 
results in violation of said policy, and wherein access to said memory based on said shadow page 
directory and said first shadow page table being appUed to said virtual address does not result in 
violation of said policy. 

3. The computer-readable medium of claim 1, wherein each of the data pages is stored at a 
particular frame of a memory, wherein said page directory is stored at a first firame, and wherein the 
method further comprises: 

maintaining a copy of said page directory at a second fi-ame different from said first 

frame; and 

storing the shadow page directory at said first frame. 
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4, The computer-readable medium of claim 1, wherein said page directory comprises a link 
to a first-sized page, said first-sized page comprising a plurality of second-sized pages, and wherein 
the method fiirther comprises: 

creating a second shadow page table that comprises links to said plurality of 
second sized pages, wherein said shadow page directory comprises a link to said second shadow 
page table. 

5, A system for managing the use of a memory comprising: 

a memory comprising a plurality of individually-addressable components that can be 
read and written, each of the individually-addressable components having a physical address 
associated therewith; 

an address translation data structure that defines a mapping between virtual addresses 
and the physical addresses of the individually-addressable components; 

a memory manager that receives a request to access a first one of the individually- 
addressable components, said request identifying said first one of the individually-addressable 
components based on a virtual address, said memory manager translating said virtual address into 
the physical address of said first one of the individually- accessible components based on data that 
comprises a shadow representation of said address translation structure. 

6, The system of claim 5, wherein said memory is organized into a plurality of pages, said 
first one of the individually-addressable components being located within one of said plurality of 
pages, wherein said address translation structure comprises: (1) a plurality of page tables that 
contain links to said plurality of pages, and (2) a page directory that contains links to said plurality 
of page tables, and wherein said shadow representation of said address translation structure differs 
fi-om said address translation structure with respect to at least one link. 

7, The system of claim 6, wherein each of the links contained in said page directory and said 
page tables contains one or more attributes, and wherein at least one link in said shadow 
representation differs firom a corresponding link in said address translation structure with respect to 
at least one attribute. 
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8. The system of claim 6, wherein the page directory and each of the page tables is stored in 
one of said plurality of pages, each of the pages having a physical location descriptor associated 
therewith, each of the links in the page directory and page tables identifying one of the pages based 
on the physical location descriptor. 

9. The system of claim 8, wherein said shadow representation includes an altemative version 
of at least one of said page directory or one of said page tables, and wherein said altemative version 
is stored at a page having a different physical location descriptor from the page on which the 
altemative version is based. 

10. The system of claim 5, wherein a policy govems the accessibility of the memory, 
wherein the address translation structure, exposes the memory to violation of the policy, and 
wherein the system further comprises: 

a memory access control manager that creates the shadow representation based on 
the address translation structure and ensures that the shadow representation, if used to access the 
memory based on virtual addresses, does not result in violation of the policy. 

1 1 . The system of claim 10, wherein the policy defines a portion of the memory as 
inaccessible, and wherein the memory access control manager ensures that the shadow 
representation does not expose a virtual address for said portion of the memory. 

12. The system of claim 10, wherein the policy defines a portion of the memory as being 
readable but not writeable, and wherein the memory access control manager ensures that the 
shadow representation contains one or more attributes that mark the portion of memory as being 
read-only. 

13. The system of claim 10, wherein the memory access control manager ensures that the 
shadow representation contains one or more attributes that mark as read-only those portions of the 
memory that store at least one of: (1) the address translation structure; and (2) the shadow 
representation. 
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14. A method of executing a memory access request comprising: 

receiving an request to read or write a imit of a memory, said request identifying said 
unit of said memory based on a virtual address; 

accessing said unit of memory based on a representation of a map that defines a 
relationship between virtual addresses and physical addresses, said map being stored in one or more 
pages of said memory, said representation of said map comprising at least one shadow page that is 
based on a first one of said one or more pages, said map including at least one aspect which, if used 
to access said memory based on said virtual address, would result in violation of a memory access 
policy, said shadow page differing fi-om said first one of said one or more pages in a manner such 
that use of said representation of said map to access said memory based on said virtual address does 
not violate said memory access policy; and 

performing the read or write specified in said access request. 

15. The method of claim 14, wherein said memory access policy defines a portion of said 
memory as being inaccessible, wherein said map exposes writeable links to portions of said memory 
that define virtual address mappings, and wherein said representation of said map does not expose 
writeable links to portions of said memory that define virtual address mappings. 

16. The method of claim 14, wherein said map comprises: (1) a pluraUty of tables that 
contain links to a set of said one or more pages, and (2) a directory that contains links to said 
plurality of tables, said at least one shadow page comprising a shadow directory that differs firom 
said directory in at least the respect that at least one link in the shadow directory points to a shadow 
page table instead of to one of said plurality of tables. 

17. The method of claim 14, wherein said map comprises a plurality of tables that contain 
links to a set of said one or more pages, wherein said shadow page comprises a representation based 
on one of said tables, and wherein said shadow page contains a representation of a first link that 
exists in said one of said tables, wherein said first link is a read/write link in said one of said tables, 
and wherein said shadow page differs fi"om said one of said tables in that said shadow page's 
representation said first link is marked read-only. 
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18. The method of claim 14, wherein said shadow page comprises a directory, wherein said 
unit of memory is encompassed by a first-sized page that comprises a plurality of second-sized 
pages, wherein said map comprises a directory that contains a link to said first-sized page, wherein 
said shadow page is based on said directory, and wherein said shadow page differs from said 
directory in that said shadow page contains a link to a table instead of a link to said first-sized page, 
wherein said table contains links to second-sized pages that are included within said first-sized 
page. 

19. A computer-readable medium having encoded thereon a data structure that is 
representative of an address translation map, the address translation map comprising a page 
directory, the directory comprising links to a plurality of page tables, each of the page tables being 
stored at a particular frame within said computer-readable medium, each of the page tables 
comprising links to a plurality of pages of said computer-readable medium, the data structure 
comprising: 

a shadow page table that is based on a first one of the plurality of page tables; 

a shadow page directory that is based on the page directory, the page directory 
comprising a first entry that contains a link to said first one of the plurality of page tables, said 
shadow page table comprising a second entry that corresponds to the first entry, said second entry 
containing a link to said shadow page table instead of a link to said first one of the plurality of page 
tables. 

20. The computer-readable medium of claim 19, wherein the first of the plurality of page 
tables is stored at a first frame, wherein the shadow page table is stored at a second frame, and 
wherein the shadow page directory differs from the page directory in the respect that a link in the 
page directory contains an identifier of said first frame and the corresponding link in the shadow 
page directory contains an identifier of said second frame. 

21. The computer-readable medium of claim 19, wherein said first of said plurality of page 
tables contains a link to a first one of the pages, wherein said shadow page table contains a link to a 
representation based on said first one of the pages instead of the link to the first one of the pages, 
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said representation based on said first one of the pages being stored at a frame different from said 
first one of the pages. 

22. The computer-readable medium of claim 21, wherein said first one of the plurality of 
pages stores either the page directory or said first one of the plurality of page tables. 

23. The computer-readable medium of claim 22, wherein said first one of the pluralty of 
page tables contains a link that specifies said first one of the plurality of pages as being readable and 
writeable, and wherein the corresponding link in said shadow page table specifies said first one of 
the plurality of pages as being only readable. 

24. The computer-readable medium of claim 19, wherein the page directory and said first 
one of the plurality of page tables contain at least one feature such that, if used to access a memory 
based on a virtual address, would result in a violation of a memory access policy, and wherein the 
shadow page directory and shadow page table contain data such that accessing the memory through 
said shadow page directory and said shadow page table based on said virtual address does not result 
in violation of said memory access policy. 
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